CrowdStrike Launches Cybersecurity Search Engine

New CrowdStrike Falcon Search Engine empowers next-gen Security Operation Centers to search in real-time on the world's fastest and most comprehensive security platform.

SUNNYVALE, Calif. – CrowdStrike, the leader in cloud-delivered endpoint protection, today announced that it has significantly expanded the capabilities of the CrowdStrike Falcon platform by launching CrowdStrike Falcon Search Engine, the fastest and largest search engine for cybersecurity data. Today, CrowdStrike is introducing CrowdStrike Falcon MalQuery, the malware search and intelligence component of the search engine as part of its Summer product release.

With a vision to change the way security research, threat data collection, and intrusion detections and remediations are conducted, CrowdStrike is building the CrowdStrike Falcon Search Engine to be the industry’s most comprehensive platform for cyber threat intelligence and threat research. CrowdStrike Falcon’s scalable cloud-based architecture makes it the ideal foundation for a cybersecurity search engine.

CrowdStrike has built the largest searchable threat database in the cybersecurity industry, ingesting more than 51 billion security events a day, and indexing more than 700 million files totaling more than 560TB of malware that can be searched in real-time. With this launch, customers can take advantage of the data to significantly speed up and improve their malware research capabilities in the Security Operations Center (SOC).

Key Capabilities of CrowdStrike Falcon MalQuery:

CrowdStrike Falcon MalQuery is available to existing CrowdStrike customers as an additional service and can be purchased as a stand-alone offering by new customers. With this new capability, customers gain the following significant advantages from the CrowdStrike Falcon platform:

Speed – CrowdStrike’s malware search engine is the fastest in the industry, enabling searching of 560TB of data in mere seconds, which currently takes days or weeks with other systems. This speed delivers a 250x performance increase for malware research without compromising the amount of data being searched. These speed gains are realized for all types of search, including string-based or YARA-based searches.

Clarity – CrowdStrike delivers the ability to search across the largest and most comprehensive searchable database of malware in the industry. The technology gives researchers more complete results by indexing both file metadata as well as the binary contents of the file, and overlaying the results with CrowdStrike Falcon Threat Intelligence. This yields high-fidelity results and empowers the researcher to take informed action based on only the most relevant search results and their related threat intelligence.

Protection – CrowdStrike’s faster, more accurate results lead to higher quality protection rules for proactive defense against future threats, which enables greater understanding and protection against an attacker’s next move. Customers of the CrowdStrike Falcon Endpoint Protection platform can also conduct real-time investigations based on search results to immediately understand their exposure to threats.

Fully Integrated – Through a single console, customers can search CrowdStrike Falcon Intelligence data for indicators, actors and reports with results displayed as a readily consumable, schematized snapshots. Additionally, they can conduct YARA searches with cross correlation to all CrowdStrike Intelligence data.

Moving faster than the adversaries and understanding threats in context are key to gaining the tactical advantage needed to defend organizations from modern-day sophisticated attacks. The reality for security professionals today is that their research tools are simply too slow. It can take hours or days to understand an attack and take protective action. They have to contend with slow queries, disjointed, incomplete data set and too many false positives, making it difficult to understand and thwart threats strategically. Search engines have revolutionized the speed at which we do research in all other aspects of our life and the CrowdStrike Falcon Search Engine does the same for cybersecurity.

At the core of the CrowdStrike Falcon Search Engine is patent-pending indexing technology. This index enables the engine to search across file metadata, the binary contents of the file itself, as well as the threat intelligence related to the file. The CrowdStrike Falcon Search Engine binary index is game-changing for security researchers with the scope of the data it indexes and the speed at which it can be searched, delivering only the most relevant search results in real-time.

The CrowdStrike Falcon platform search over all collected content: endpoint data, intelligence indicators and malware corpus. Its Investigate module allows CrowdStrike Falcon platform customers to search real-time and historical data for their enterprise with zero impact to their endpoints. With this announcement, CrowdStrike is also launching Intel indicator search that enable rapid consumption of search results without requiring the review of large contextual sources. As a result, for the first time, cybersecurity professionals have a tool that can keep up with rapid change arising from polymorphic malware and rapidly evolving threat variants.

If you are interested in learning more, read a blog about the announcement here. You can register here for a free trial.

Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.

Published: 2017-05-09NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.